The present invention relates to a policy setting support tool used in an access control system which controls, in accordance with a set of prescribed policies, access to information assets managed by a computer system.
To protect computer resources, including information, many of today's computer systems employ a combination of the user authentication mechanism provided by a multi-user, multi-tasking operating system and an access control mechanism that relies on the result of that authentication. A typical arrangement is that, when accessing an information processing system on which the operating system runs, the user is required to present his/her user ID and password to the host operating system and obtain authentication.
In such an arrangement, every file managed by the information processing system is given an access control list (called a policy) as its security attribute. This list specifies, based on the user ID and the group ID, what type of access (e.g., read, write) each user is granted for the file.
Each time a user attempts to access a file through an application program, the operating system checks his/her user ID and the ID of the group he/she belongs to against the policies assigned to the target file and to the directory containing it, and grants access only if those policies cover the requester.
Further, to provide a stricter means of access control, such an arrangement can be expanded to require, as part of the information on the access requester, the identification of the application program serving as the access intermediary, in addition to the requester's user ID and group ID. The policy then binds the permission not only to who is requesting access but also to which program is carrying the request.
An example of such access control is disclosed in Japanese Laid-Open Patent Publication No. 2001-337864 (Document 1). It should be noted that to prevent unauthorized access, policies should be set up so as to limit access to the minimum level required to carry out the tasks or to provide the intended services.
Further, Japanese Laid-Open Patent Publication No. 2002-108818 (Document 2) discloses a method for reducing the time required to create a security policy, whereby the user creates one by selecting the one best fitting his/her purposes among a number of model or sample policies and modifying it.
In view of providing a secure environment for the use of information assets, it is critical to define policies so as to limit access permission to the bare minimum. If, however, in defining policies one is to consider the identification of the program serving as the carrier of the access request (the access intermediary) in addition to the user ID and group ID, the procedure becomes tedious and lengthy, even though it allows more elaborate checking of the access right. For example, one would need to know the specifications of the software, such as what data it is going to access.
If the software is composed of more than one program, the problem becomes greater still. Even with the method disclosed in Document 2, the user would be burdened with the additional task of studying the specifications of the software, because only the user can modify the sample policy so as to fit his/her purpose.
Another conceivable problem arises when the contents of the program file itself are changed because of an update to the program, when there is a change in the registered information on the user or the group, or when a file or directory that forms part of the information assets is deleted, moved, or renamed. In such an event, the registered policy may no longer correctly reflect the current characteristics of the information asset, which would render the access control ineffective.
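The following added example (not part of the patent publication or of Documents 1 and 2) models the access check described above in Python: a policy entry binds a subject (user or group), an optional access intermediary program identified by its path and the SHA-256 hash of its contents, and a set of permissions; an access is granted only when the requester is covered by the policy of the target file and by that of its parent directory. It also includes an audit routine that flags the kinds of drift the preceding paragraph describes. The in-memory file system, the policy contents, the user and group names, and the use of a separate "traverse" right on directories are all assumptions made for the illustration.

```python
import hashlib
import posixpath
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory "file system" for the example: path -> file contents.
# Directories are implied by the parents of these paths.
FILES = {
    "/srv/app/payroll": b"#!/bin/sh\necho payroll v1\n",
    "/srv/data/salaries.csv": b"alice,100\nbob,90\n",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class PolicyEntry:
    subject: str                    # "user:<id>" or "group:<id>"
    program: Optional[str]          # access intermediary path; None = any program
    program_sha256: Optional[str]   # expected hash of that program; None = not pinned
    perms: frozenset                # granted access types, e.g. {"read", "write"}


# Constructed policies keyed by the path of the asset they protect (assumption:
# directories carry a "traverse" right that must be granted before any file
# inside them can be reached).
POLICIES = {
    "/srv/data": [PolicyEntry("group:hr", None, None, frozenset({"traverse"}))],
    "/srv/data/salaries.csv": [
        # alice may read and write, but only through the pinned payroll program
        PolicyEntry("user:alice", "/srv/app/payroll",
                    sha256(FILES["/srv/app/payroll"]), frozenset({"read", "write"})),
        # members of hr may read through any program
        PolicyEntry("group:hr", None, None, frozenset({"read"})),
    ],
}


def _covered(entry, user, groups, program, program_digest, perm):
    """True if this entry grants `perm` to the requester via `program`."""
    if perm not in entry.perms:
        return False
    subjects = {f"user:{user}"} | {f"group:{g}" for g in groups}
    if entry.subject not in subjects:
        return False
    if entry.program is not None and entry.program != program:
        return False
    if entry.program_sha256 is not None and entry.program_sha256 != program_digest:
        return False  # the intermediary was updated since the policy was set
    return True


def check_access(policies, files, path, user, groups, program, perm):
    """Deny by default: both the parent directory and the file must cover the request."""
    program_digest = sha256(files[program]) if program in files else None
    parent = posixpath.dirname(path)
    dir_ok = any(_covered(e, user, groups, program, program_digest, "traverse")
                 for e in policies.get(parent, []))
    file_ok = any(_covered(e, user, groups, program, program_digest, perm)
                  for e in policies.get(path, []))
    return dir_ok and file_ok


def audit_policies(policies, files, known_users, known_groups):
    """Report policy entries that no longer match the assets or subjects they refer to."""
    findings = []
    dirs = {posixpath.dirname(p) for p in files}
    for asset, entries in policies.items():
        if asset not in files and asset not in dirs:
            findings.append((asset, "asset missing (deleted, moved or renamed)"))
            continue
        for e in entries:
            kind, _, name = e.subject.partition(":")
            if (kind == "user" and name not in known_users) or \
               (kind == "group" and name not in known_groups):
                findings.append((asset, f"unknown subject {e.subject}"))
            if e.program is not None and e.program not in files:
                findings.append((asset, f"intermediary program {e.program} missing"))
            elif e.program_sha256 is not None and sha256(files[e.program]) != e.program_sha256:
                findings.append((asset, f"intermediary program {e.program} changed since policy was set"))
    return findings


if __name__ == "__main__":
    print(check_access(POLICIES, FILES, "/srv/data/salaries.csv",
                       "alice", {"hr"}, "/srv/app/payroll", "write"))
    print(audit_policies(POLICIES, FILES, {"alice", "bob"}, {"hr"}))
```

Pinning the intermediary by hash rather than by path alone is what makes the "program updated" case in the preceding paragraph visible: after the payroll program changes, alice's write through it is refused and the audit reports the stale entry, so the policy must be reviewed rather than silently continuing to grant access to different code.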